v0.4.2

Added

• Support for AmneziaWG - a fork of Wireguard implementing traffic obfuscation. See Bridging over AmneziaWG.

Fixed

• Bug in Yggdrasil DPI feature causing packet loss under load and crippling TCP throughput.

New options

• wireguard_types = ["wireguard", "amneziawg"] (default is "wireguard") - set allowed wireguard implementations.
• wireguard_device_params.<type>.<param> = ... - override wireguard device configuration, including amneziawg obfuscation options.

v0.4.1

Added

• Support for bridging over WireGuard, eliminating latency fluctuations arising from proxying traffic in userspace, so it may be even faster, than using the yggdrasil router with a preconfigured direct peering. See Bridging over WireGuard.

New options

• wireguard = true (default is false) - send all traffic between peers using wireguard, eliminating added latency even under load. Only supported on linux, and requires CAP_NET_ADMIN capability or root privileges. See Bridging over WireGuard.

• wireguard_yggdrasil_keepalive (default is false) - whether to keep yggdrasil session alive, while wireguard bridge is active.

Note: Windows has a bug when multiplexing on the same udp port, see #5.

v0.4.0

General changes

• All NAT traversal is now done over UDP. This should improve traversal success rate by avoiding TCP shenanigans, which were frequently confusing the hell out of OS network layer.
• Proxying traffic is done using native OS threads for better performance.
• Reliable traffic delivery for tcp and tls peerings is implemented using KCP protocol, as TCP traversal is gone.
• Traversal messages are encoded using STUN, the same protocol as ICE/WebRTC use, potentially helping with traversal of excessively aggressive firewalls.

New configuration options

• --reconnect or yggdrasil_admin_reconnect = true (default is false) - reconnect to admin api if yggdrasil router was restated or yet to be started.
• only_peers_advertising_jumper = true (default is false) - only consider peering with nodes that advertise jumper support, i.e. have jumper: true in NodeInfo.
• failed_yggdrasil_traversal_limit = n (default is unlimited) - avoid repeated traversal attempts, if there already were n that failed.
• yggdrasil_dpi (highly experimental) - send network traffic over an unreliable channel (improves latency under load). See Advanced configuration.

Other changes

• stun-test binary can act as a minimal STUN server when provided with --serve and optionally --port.
• Number of packets sent when attempting firewall traversal over yggdrasil is reduced.
• Exponential timeout for STUN requests.

v0.3.1

Added

• Graceful handling for common shutdown signals.
• A retry procedure for NAT/firewall traversal, activating when multiple protocols, common with the remote, are available.
• An external address resolver logic is now avoids repetitively sending STUN requests to unresponsive servers.

Changed

• NAT/firewall traversal logic was adjusted to better utilize socket interface provided by the OS.

Fixed

• Shutdown delay when traversal attempt was ongoing.
• A forward-compatibility bug manifesting in an falsely reported error if new unknown field appeared in Admin API response.

v0.3.0

Added

• Support for UDP NAT/firewall traversal.
• Support for TLS and QUIC protocols (see yggdrasil_protocols and yggdrasil_listen config options).
• Support for addresses under 300::/7 subnet in the whitelist.

Changed

• Protocol version. Nodes running this new version will not be able to peer with earlier versions of the jumper.
• Creation of redundant connections for already existing peers is disabled by default (see avoid_redundant_peering config option).

Fixed

• Error that occurred when the router is of pre-release version.
• Inconsistent removal of peers from the router's list on the jumper termination.
• Infinite traversal condition when remote peer doesn't have the jumper enabled.

v0.2.0

• Add support for Yggdrasil 0.5